NetBSD Information for VU#593299

BSD-derived ftpd replydirname() in ftpd.c contains one-byte overflow

Status

Affected

Vendor Statement

NetBSD has published an advisory about this issue at:

ftp://ftp.NetBSD.ORG/pub/NetBSD/misc/security/advisories/NetBSD-SA2000-018.txt.asc

                 NetBSD Security Advisory 2000-018
                 =================================

Topic:          One-byte buffer overrun in ftpd
Version:        All official releases up to and including 1.5
Severity:       possible remote root compromise.
Fixed:          NetBSD-current: December 4, 2000
                NetBSD 1.4 branch: December 14, 2000
                NetBSD 1.5 branch: December 13, 2000

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Vendor References

None

Addendum

Good signature made 2000-12-20 18:48 GMT by key:

  1024 bits, Key ID F8376205, Created 1997-07-01
   "security-officer@netbsd.org"

If you have feedback, comments, or additional information about this vulnerability, please send us email.